Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method for prioritizing remediations in systems of an enterprise, the method being executed by one or more processors and comprising: providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, each edge representing at least a portion of one or more lateral movement paths between assets in the enterprise network; determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of a process; determining two or more lateral movements paths between a first asset and a second asset within the graph; providing, for each lateral movement path, a lateral movement path value representative of a difficulty in traversing a respective lateral movement path within the enterprise network; identifying a set of remediations based on two or more remediations defined for one or more vulnerabilities associated with issues identified for respective assets, each remediation mitigating a cyber-security risk within the enterprise network; and prioritizing the two or more remediations based on contribution values of assets, lateral movement path values of paths, and one of lateral movement complexity values of respective segments of paths and costs of respective remediations.
2. The method of claim 1 , wherein each lateral movement path value is determined based on at least one lateral movement complexity value and a preconditioned action.
3. The method of claim 2 , wherein the preconditioned action is performed before a lateral movement action of an attacked can be executed within the enterprise network.
4. The method of claim 1 , wherein each segment represents a lateral movement between a first node and a second node within the graph.
5. The method of claim 1 , wherein after a path is remediated, a next path is selected based on lateral movement path value and remediations are re-prioritized.
6. The method of claim 1 , wherein the graph is generated by a discovery service, the discovery service detecting assets using one or more adaptors and respective asset discovery tools that generate an asset inventory and a network map of the enterprise network.
7. The method of claim 1 , wherein each asset is identified as a target within the enterprise network, the target being selected based on a disruption occurring in response to an attack on the target.
8. The method of claim 7 , wherein the disruption is based on one or more metrics.
9. The method of claim 8 , wherein the one or more metrics comprise loss of technical resources, physical losses, disruption in services, and financial losses.
10. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for prioritizing remediations in systems of an enterprise, the operations comprising: providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, each edge representing at least a portion of one or more lateral movement paths between assets in the enterprise network; determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of a process; determining two or more lateral movements paths between a first asset and a second asset within the graph; providing, for each lateral movement path, a lateral movement path value representative of a difficulty in traversing a respective lateral movement path within the enterprise network; identifying a set of remediations based on two or more remediations defined for one or more vulnerabilities associated with issues identified for respective assets, each remediation mitigating a cyber-security risk within the enterprise network; and prioritizing the two or more remediations based on contribution values of assets, lateral movement path values of paths, and one of lateral movement complexity values of respective segments of paths and costs of respective remediations.
11. The computer-readable storage medium of claim 10 , wherein each lateral movement path value is determined based on at least one lateral movement complexity value and a preconditioned action.
12. The computer-readable storage medium of claim 11 , wherein the preconditioned action is performed before a lateral movement action of an attacked can be executed within the enterprise network.
13. The computer-readable storage medium of claim 10 , wherein each segment represents a lateral movement between a first node and a second node within the graph.
14. The computer-readable storage medium of claim 10 , wherein after a path is remediated, a next path is selected based on lateral movement path value and remediations are re-prioritized.
15. The computer-readable storage medium of claim 10 , wherein the graph is generated by a discovery service, the discovery service detecting assets using one or more adaptors and respective asset discovery tools that generate an asset inventory and a network map of the enterprise network.
16. The computer-readable storage medium of claim 10 , wherein each asset is identified as a target within the enterprise network, the target being selected based on a disruption occurring in response to an attack on the target.
17. The computer-readable storage medium of claim 16 , wherein the disruption is based on one or more metrics.
18. The computer-readable storage medium of claim 17 , wherein the one or more metrics comprise loss of technical resources, physical losses, disruption in services, and financial losses.
19. A system, comprising: one or more computers; and a computer-readable storage device coupled to a computing device and having instructions stored thereon which, when executed by the computing device, cause the computing device to perform operations for prioritizing remediations in systems of an enterprise, the operations comprising: providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, each edge representing at least a portion of one or more lateral movement paths between assets in the enterprise network; determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of a process; determining two or more lateral movements paths between a first asset and a second asset within the graph; providing, for each lateral movement path, a lateral movement path value representative of a difficulty in traversing a respective lateral movement path within the enterprise network; identifying a set of remediations based on two or more remediations defined for one or more vulnerabilities associated with issues identified for respective assets, each remediation mitigating a cyber-security risk within the enterprise network; and prioritizing the two or more remediations based on contribution values of assets, lateral movement path values of paths, and one of lateral movement complexity values of respective segments of paths and costs of respective remediations.
20. The system of claim 19 , wherein each lateral movement path value is determined based on at least one lateral movement complexity value and a preconditioned action.
21. The system of claim 20 , wherein the preconditioned action is performed before a lateral movement action of an attacked can be executed within the enterprise network.
22. The system of claim 19 , wherein each segment represents a lateral movement between a first node and a second node within the graph.
23. The system of claim 19 , wherein after a path is remediated, a next path is selected based on lateral movement path value and remediations are re-prioritized.
24. The system of claim 19 , wherein the graph is generated by a discovery service, the discovery service detecting assets using one or more adaptors and respective asset discovery tools that generate an asset inventory and a network map of the enterprise network.
25. The system of claim 19 , wherein each asset is identified as a target within the enterprise network, the target being selected based on a disruption occurring in response to an attack on the target.
26. The system of claim 25 , wherein the disruption is based on one or more metrics.
27. The system of claim 26 , wherein the one or more metrics comprise loss of technical resources, physical losses, disruption in services, and financial losses.
Unknown
November 23, 2021
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.